intro to ecat

ECAT – Enterprise Compromise Assessment Chad Loeven, VP Sales and Marketing Pascal Longpre, Founder and CTO

Uploaded by: cloeven

Posted on 24-Jan-2015

DESCRIPTION

A brief presentation on how ECAT fills the detection gap between AV and Forensics

TRANSCRIPT

Page 1: Intro To ECAT

ECAT – Enterprise Compromise Assessment

Chad Loeven, VP Sales and Marketing
Pascal Longpre, Founder and CTO

Page 2: Intro To ECAT

Enterprise security today

• AV on desktop and server

• Firewall

• IPS

• SIEM

• Bluetooth and WiFi can bypass in-line devices

• Inline devices can’t identify what happened on the host in a compromise

Page 3: Intro To ECAT

Kaspersky – Rated #1 AV overall

>42% of all new malware passed through undetected

Page 4: Intro To ECAT

ECAT fills the detection gap

Incident -> Rapid breach detection -> Recovery -> Forensics

Page 5: Intro To ECAT

The ECAT solution: no signatures

• Host-based Deep Scan

• Network traffic

• Live Memory Analysis

• Machine Suspect Level

Page 6: Intro To ECAT

ECAT Overview – server and agent

[Diagram: multiple ECAT Agents reporting to a central ECAT server]

• Report over SSL

• UDP heartbeat

• Server-side analysis of the endpoint

Page 7: Intro To ECAT

ECAT – Baselines and whitelists

Whitelisting:

• Bit9 Global Software Registry (GSR)

• NIST database of known-good hashes

• ECAT whitelist including Microsoft MSDN

• Server-side Cert validation

• Opswat Metascan scans against 6 or more AV engines
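The signature-less approach on page 5 and the whitelist layers on page 7 reduce to one triage loop per endpoint: hash every inventoried module, drop anything in a known-good database, check the signer on what remains, send the rest to a multi-engine scan, and roll the findings up into a machine-level score. The block below is an added illustration of that loop written for this page; it is not ECAT's code. The inventory, the known-good hash set (a stand-in for the NIST/Bit9/vendor databases), the certificate-validation results and the AV hit counts are all constructed, and the scoring weights are assumptions.

```python
"""Added example, not ECAT code: whitelist-then-score triage of an endpoint
module inventory. All data below is constructed for illustration."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass
class Module:
    path: str
    content: bytes        # constructed stand-in for the on-disk / in-memory image
    signer_valid: bool    # constructed result of server-side certificate validation
    av_hits: int = 0      # constructed count of engines flagging it in a multi-engine scan

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


# Constructed stand-in for the NIST / Bit9 GSR / vendor known-good hash databases.
KNOWN_GOOD = {
    hashlib.sha256(b"constructed kernel32 image").hexdigest(),
    hashlib.sha256(b"constructed explorer image").hexdigest(),
}

# Assumed weights: how much each finding class raises the machine suspect level.
WEIGHTS = {
    "whitelisted": 0,       # hash matched a known-good database: no further work
    "signed_unknown": 5,    # not in a whitelist, but the signing cert validated
    "unsigned_unknown": 20, # not whitelisted and no valid signer
    "av_flagged": 40,       # flagged by at least one engine in the multi-engine scan
}


def classify(m: Module, known_good: Iterable[str] = KNOWN_GOOD) -> str:
    """Order mirrors the slides: whitelist first, then AV on what remains, then cert."""
    if m.sha256 in known_good:
        return "whitelisted"
    if m.av_hits > 0:
        return "av_flagged"
    return "signed_unknown" if m.signer_valid else "unsigned_unknown"


def findings(modules: Iterable[Module], known_good=KNOWN_GOOD) -> List[Tuple[str, str]]:
    """Everything that did not clear the whitelist, with its finding class."""
    return [(m.path, c) for m in modules
            if (c := classify(m, known_good)) != "whitelisted"]


def suspect_level(modules: Iterable[Module], known_good=KNOWN_GOOD) -> int:
    """Machine Suspect Level: weighted sum of findings, capped at 100."""
    score = sum(WEIGHTS[classify(m, known_good)] for m in modules)
    return min(score, 100)


def rank_machines(fleet: Dict[str, List[Module]]) -> List[Tuple[str, int]]:
    """Hosts ordered by suspect level so the analyst starts with the worst one."""
    return sorted(((host, suspect_level(mods)) for host, mods in fleet.items()),
                  key=lambda hs: hs[1], reverse=True)


# Constructed inventory for one endpoint.
INVENTORY = [
    Module("C:/Windows/System32/kernel32.dll", b"constructed kernel32 image", True),
    Module("C:/Windows/explorer.exe", b"constructed explorer image", True),
    Module("C:/Users/alice/AppData/Local/Temp/update.exe", b"constructed unknown A", False),
    Module("C:/Users/alice/AppData/Roaming/svchost.exe", b"constructed unknown B", False, av_hits=3),
]

# Constructed second host that is fully whitelisted, to show ranking.
FLEET = {"WS-ALICE": INVENTORY, "WS-BOB": INVENTORY[:2]}

if __name__ == "__main__":
    for path, cls in findings(INVENTORY):
        print(f"{cls:17s} {path}")
    print("suspect level:", suspect_level(INVENTORY))
    print("fleet ranking:", rank_machines(FLEET))
```

The point of the ordering is volume: on a real host nearly every module clears the whitelist step, so only a small remainder ever reaches certificate validation or the multi-engine scan, and the machine-level score is what lets an analyst pick which host in a large fleet to look at first.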

Page 8: Intro To ECAT

ECAT – Enterprise Compromise Assessment

Full System Inventory

Live Memory Analysis

Direct physical disk inspection

Certificate Validation

Application Whitelisting

Multi-engine AV scan

Network Traffic analysis

• Rapid Breach Detection

• Signature-less

• Fills the gap in desktop defense

• Actionable information - fast

• Remediation

Page 9: Intro To ECAT

Finding an evil in a haystack

ECAT – Enterprise Compromise Assessment

www.siliciumsecurity.com